It was discovered that Mailman did not properly sanitize certain fields,resulting in cross-site scripting (XSS) vulnerabilities. With cross-sitescripting vulnerabilities, if a user were tricked into viewing serveroutput during a crafted server request, a remote attacker could exploitthis to modify the contents, or steal confidential data, within the samedomain.

Solution:The problem can be corrected by upgrading your system to thefollowing package versions:

Ubuntu 6.06 LTS: mailman 2.1.5-9ubuntu4.4

Ubuntu 8.04 LTS: mailman 1:2.1.9-9ubuntu1.4

Ubuntu 9.10: mailman 1:2.1.12-2ubuntu0.2

Ubuntu 10.04 LTS: mailman 1:2.1.13-1ubuntu0.2

Ubuntu 10.10: mailman 1:2.1.13-4ubuntu0.2

In general, a standard system update will make all the necessary changes.